what are the security best practices with twilio and firebase? - amazon-web-services

I was looking for a tutorial or stackoverflow thread but I couldn't find a best practice how I can do it.
I have an ios swift app and I want to send sms if a user create an add a record in Firebase, like sending an invitation to someone or doing something which could affect other user.
According to some post on the internet and on your blog I need a server side script which makes it safe and I don't have to store those information in my swift code. Like here: https://www.twilio.com/blog/2016/11/how-to-send-an-sms-from-ios-in-swift.html
Currently I don't have a server. Only thing that I have is a Firebase account.
What is a best practice regarding security? For instance shall I create a webserver on AWS or just a AWS S3 bucket would be enough and shall I store those credentials or php codes there?
I'm quite new in the these things and unfortunately I don't know whom shall I ask.
Can somebody help me?

Related

Migration challenges from Redis to Memorystore

I have learned that Memorystore has full support for Redis protocols but there are some limitations. Please help me address the following challenges.
Unlike Redis Memorystore doesn't seem to support Master-Slave provisioning to incorporate Read Write/Read Only specific requests. Is there any workaround?
Existing Redis setup has password protected authentication mechanism in place? How do we enable Auth config for Memorystore?
Existing application level client codes are written in C++. Is there any workaround to leverage the existing codes to connect Memorystore?
Thanks in advance.
I will try to address your questions individually, for better formatting and in case you have further doubts on them.
As you mentioned and confirmed by a Google Agent here, Memorystore doesn't support Master-Slave provision. For now, it doesn't have a workaround for it as well. I believe opening a Feature Request with Google or answering the above Google Group question might be a good option, to receive an official return from Google.
For you to configure authentication in your Memorystore, you need to create a service account and set an environment variable. The steps to achieve that are the following:
In the Cloud Console, go to the Create service account key page.
Go to the Create Service Account Key page
From the Service account list, select New service account.
In the Service account name field, enter a name.
From the Role list, select Project > Owner.
Click Create. A JSON file that contains your key downloads to your computer.
Set the environment variable using the following command - next is an example: export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json".
There isn't official support to C++, however, you can use Client Libraries to connect to the API of the language you want. It might be worth it to give it a try with connecting to C++. I found this repository provided by Google, related to C++, that can be used to connect. This seems to be the only available option.
I hope these answers will help you, clarifying your doubts about the product.
Let me know if the information helped you!

How to use Facebook GraphQL

How to intercept and send HTTP requests for GraphQL?
I saw some people are able to find security bugs via GraphQL on Facebook. How do they do it?
Are there any tools available to test these calls?
Facebook GraphQL is an internal API so I'm not sure anyone here will be able to give you a detailed answer on using it. For testing GraphQL, you will want to check to see if a public schema is available.
Starting at https://graphql.org/ or going into the spec itself http://facebook.github.io/graphql/ might be of interest to you.
If the schema is not available then you're going to have to understand how the app works, follow the requests and make assumptions (like in the case with Facebook)

One account for some services

I cannot found some examples how to create a single account system for all services. For example, Google and Microsoft are use these structure. I have site and some services and I need to user registers at once and can use all service and site. But I never made this earlier and don't know even how to build so services.
Now I think make an auth service with OAuth 2 support. And my services connect to this service and authenticate in it. After the connected service gets a user ID and creates a local account with more details (which needed only for this service) and global user ID. But maybe someone know another solution. Just I don't sure that is the best solution.
P.S. I don't ask for examples of code or something else. I just need to understand the principle of operation of such related services as they interact.

How to retrieve data from cloud using rest service

Our employee salary data are stored in the cloud provided by the third party. Currently, the third party need to send us a copy of the database to us and we recover it to our local server for reporting purpose. I need to build a application to retrieve the data directly from the cloud and use the only tables we need for report purpose. the third party provide restful service to do this, but since I am new to web service programming, I am kind of lost here to decide what to do. So my question is what is the best way that i could proceed this.
Any help will be appreciated.
The first place to start is to familiarize yourself with a coding language you'd like to use. You can usually find documentation from the REST API provider on the 'developer' section of their website. Once on their site, you can usually setup a developer sandbox account and grab a few quick examples from the documentation in the most popular languages i.e Java, PHP etc. Then, using the documentation, tweak the example to get the data you want for your app.
It is common for REST APIs to assign you a key/token that you will use with each request. Refer to their documentation for more examples.

Authenticate user through Azure AD from AWS Lambda

I'm very sorry to ask such a broad question, but I haven't found any direct answer when I and colleagues have searched the internet.
We have AWS Lambdas that needs to authenticate and authorize from an Azure AD.
How do we accomplish this?
I understand that the question is very broad and hard to answer, but if someone knows of a good guide or some step by step instructions that can help me get going I would appreciate it greatly.
Forget the "AWS Lambda" part. Consider it as external app that needs to get token from Azure AD in order to have it's requests authorized. You can achieve this using Azure AD REST API.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
Microsoft offer the Active Directory Authentication Library. Information on ADAL can be found here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
In terms of identity and access management, you have a few options but I would recommend the use of Azure Service Principals. More information can be found:
https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
If you're not familiar with Azure AD, or OAuth, and are inquisitive enough, you should really start at the beginning:
https://learn.microsoft.com/en-us/azure/active-directory/develop/
The docs are written plainly and very well, in my opinion.